modified

Add HTTPS support with Caddy and clean up legacy files
- Add Caddy reverse proxy for automatic HTTPS with Let's Encrypt - Update docker-compose.yml with Caddy service and internal networking - Remove all Redis dependencies (not needed for this deployment) - Fix Dockerfile permissions for instance and uploads directories - Move legacy scripts to old_code_documentation folder - add_muted_column.py, check_fix_player.py, migrate_add_edit_enabled.py - docker-start.sh, run_dev.sh, start.sh, clean_for_deployment.sh - Add HTTPS_SETUP.md documentation for Caddy configuration - Update .env.example with DOMAIN and EMAIL variables - Remove redis package from requirements.txt - Remove rate limiting Redis storage from config.py
2025-12-12 15:52:04 +02:00 · 2025-12-11 16:56:44 +02:00
14 changed files with 163 additions and 24 deletions
--- a/43
+++ b/43
@@ -0,0 +1,43 @@
+{
+    # Global options
+    email {$EMAIL}
+    # Uncomment for testing to avoid rate limits
+    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+}
+
+{$DOMAIN:localhost} {
+    # Automatic HTTPS (Caddy handles Let's Encrypt automatically)
+    
+    # Reverse proxy to Flask app
+    reverse_proxy digiserver:5000 {
+        # Headers
+        header_up Host {host}
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+        
+        # Timeouts for large uploads
+        transport http {
+            read_timeout 300s
+            write_timeout 300s
+        }
+    }
+    
+    # File upload size limit (2GB)
+    request_body {
+        max_size 2GB
+    }
+    
+    # Security headers
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Frame-Options "SAMEORIGIN"
+        X-Content-Type-Options "nosniff"
+        X-XSS-Protection "1; mode=block"
+    }
+    
+    # Logging
+    log {
+        output file /var/log/caddy/access.log
+    }
+}
--- a/6
+++ b/6
@@ -4,15 +4,15 @@ FROM python:3.13-slim
 # Set working directory
 WORKDIR /app

-# Install system dependencies
-# Note: LibreOffice is excluded from the base image to reduce size (~500MB)
-# It can be installed on-demand via the Admin Panel → System Dependencies
+# Install system dependencies including LibreOffice for PPTX conversion
 RUN apt-get update && apt-get install -y \
    poppler-utils \
    ffmpeg \
    libmagic1 \
    sudo \
    fonts-noto-color-emoji \
+    libreoffice \
+    libreoffice-impress \
    && rm -rf /var/lib/apt/lists/*

 # Copy requirements first for better caching
--- a/app/config.py
+++ b/app/config.py
@@ -87,9 +87,6 @@ class ProductionConfig(Config):
    # Security
    SESSION_COOKIE_SECURE = True
    WTF_CSRF_ENABLED = True
-    
-    # Rate Limiting
-    RATELIMIT_STORAGE_URL = f"redis://{os.getenv('REDIS_HOST', 'redis')}:6379/1"


 class TestingConfig(Config):
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,8 +4,8 @@ services:
  digiserver:
    build: .
    container_name: digiserver-v2
-    ports:
-      - "80:5000"
+    expose:
+      - "5000"
    volumes:
      - ./instance:/app/instance
      - ./app/static/uploads:/app/app/static/uploads
@@ -21,14 +21,33 @@ services:
      timeout: 10s
      retries: 3
      start_period: 40s
+    networks:
+      - digiserver-network

-  # Optional: Redis for caching (uncomment if needed)
-  # redis:
-  #   image: redis:7-alpine
-  #   container_name: digiserver-redis
-  #   restart: unless-stopped
-  #   volumes:
-  #     - redis-data:/data
+  caddy:
+    image: caddy:2-alpine
+    container_name: digiserver-caddy
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"  # HTTP/3
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy-data:/data
+      - caddy-config:/config
+    environment:
+      - DOMAIN=${DOMAIN:-localhost}
+      - EMAIL=${EMAIL:-admin@localhost}
+    depends_on:
+      - digiserver
+    restart: unless-stopped
+    networks:
+      - digiserver-network

-# volumes:
-#   redis-data:
+networks:
+  digiserver-network:
+    driver: bridge
+
+volumes:
+  caddy-data:
+  caddy-config:
--- a/old_code_documentation/.env.example
+++ b/old_code_documentation/.env.example
@@ -5,13 +5,13 @@ FLASK_ENV=development
 # Security
 SECRET_KEY=change-this-to-a-random-secret-key

+# Domain & SSL (for HTTPS with Caddy)
+DOMAIN=your-domain.com
+EMAIL=admin@your-domain.com
+
 # Database
 DATABASE_URL=sqlite:///instance/dev.db

-# Redis (for production)
-REDIS_HOST=redis
-REDIS_PORT=6379
-
 # Admin User Credentials (used during initial Docker deployment)
 # These credentials are set when the database is first created
 ADMIN_USERNAME=admin
--- a/old_code_documentation/HTTPS_SETUP.md
+++ b/old_code_documentation/HTTPS_SETUP.md
@@ -0,0 +1,75 @@
+# DigiServer v2 - HTTPS Setup with Caddy
+
+This setup uses **Caddy** as a reverse proxy with automatic HTTPS via Let's Encrypt.
+
+## Quick Setup
+
+### 1. Configure Domain
+Create a `.env` file or edit the existing one:
+
+```bash
+cp .env.example .env
+```
+
+Edit `.env` and set:
+```
+DOMAIN=your-domain.com
+EMAIL=admin@your-domain.com
+```
+
+### 2. Point Your Domain
+Make sure your domain's DNS A record points to your server's IP address.
+
+### 3. Start Services
+```bash
+docker compose up -d
+```
+
+That's it! Caddy will **automatically**:
+- Obtain SSL certificates from Let's Encrypt
+- Renew certificates before expiration
+- Redirect HTTP to HTTPS
+- Enable HTTP/2 and HTTP/3
+
+## Access Your Site
+
+- **HTTP**: http://your-domain.com (redirects to HTTPS)
+- **HTTPS**: https://your-domain.com
+
+## Testing Locally (Without Domain)
+
+If you don't have a domain yet, leave DOMAIN as `localhost`:
+```
+DOMAIN=localhost
+```
+
+Then access: http://localhost (no HTTPS, but app works)
+
+## Certificate Storage
+
+SSL certificates are stored in Docker volumes:
+- `caddy-data` - Certificate data
+- `caddy-config` - Caddy configuration
+
+## Troubleshooting
+
+### Check Caddy logs:
+```bash
+docker logs digiserver-caddy
+```
+
+### Verify certificates:
+```bash
+docker exec digiserver-caddy caddy list-certificates
+```
+
+### Force certificate renewal:
+```bash
+docker exec digiserver-caddy caddy reload --config /etc/caddy/Caddyfile
+```
+
+## Port Forwarding
+
+Make sure your firewall/router allows:
+- Port 80 (HTTP - for Let's Encrypt challenge)
+- Port 443 (HTTPS)
--- a/old_code_documentation/add_muted_column.py
+++ b/old_code_documentation/add_muted_column.py
--- a/old_code_documentation/check_fix_player.py
+++ b/old_code_documentation/check_fix_player.py
--- a/old_code_documentation/clean_for_deployment.sh
+++ b/old_code_documentation/clean_for_deployment.sh
@@ -4,7 +4,12 @@

 set -e

+# Get the root directory of the application
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+APP_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
 echo "🧹 Cleaning DigiServer v2 for deployment..."
+echo "📍 App root: $APP_ROOT"
 echo ""

 # Confirm action
@@ -18,6 +23,9 @@ fi
 echo ""
 echo "📦 Cleaning development data..."

+# Change to app root directory
+cd "$APP_ROOT"
+
 # Remove database files
 if [ -d "instance" ]; then
    echo "  🗄️  Removing database files..."
--- a/old_code_documentation/docker-start.sh
+++ b/old_code_documentation/docker-start.sh
--- a/old_code_documentation/migrate_add_edit_enabled.py
+++ b/old_code_documentation/migrate_add_edit_enabled.py
--- a/old_code_documentation/run_dev.sh
+++ b/old_code_documentation/run_dev.sh
--- a/old_code_documentation/start.sh
+++ b/old_code_documentation/start.sh
--- a/requirements.txt
+++ b/requirements.txt
@@ -16,9 +16,6 @@ Flask-Caching==2.1.0
 SQLAlchemy==2.0.37
 alembic==1.14.1

-# Redis (for caching in production)
-redis==5.0.1
-
 # Date parsing
 python-dateutil==2.9.0